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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1. (Previously Presented) An Application Gateway Module suitable for use in a 
telecommunication system wherein a service network authenticates a user and 
authorizes the user for accessing a service offered by a service provider, the 
Application Gateway Module arranged for intercepting application messages between 
the user and the service and for identifying said user and said service, and including: 

means for obtaining an authorization decision on whether the user is allowed to 
access the service; 

the Application Gateway Module comprising: 

means for assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

means for configuring a first finite-state machine with a number of statuses 
intended to identify specific events in service delivery, the first finite state machine 
configured to control service progression 

means for initiating a specific instance of the first finite-state machine, said 
specific instance being identified by the assigned service session identifier; and 

means for activating service policies applicable to said specific events and 
resulting in a state transition in the specific instance identified by the assigned service 
session identifier. 

2. (Canceled) 

3. (Previously Presented) The Application Gateway Module of claim 1, wherein 
the means for activating service policies include means for setting at least one element 
selected from a non-exhaustive list of references and attributes that comprises: 
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a number of message field values to match, a number of specific actions to carry 
out on matching, a number of timer values to run, and a number of transactions to 
supervise. 

4. (Previously Presented) The Application Gateway Module of claim 1, wherein 
the means for activating service policies include means for activating a global service 
policy independently of any service delivery in progress. 

5. (Previously Presented) The Application Gateway Module of claim 1, wherein 
the means for activating service policies include means for initiating an instance of a 
global service policy to apply as an individual service policy within a specific instance of 
the first finite-state machine, the individual service policy inheriting references and 
attributes from the global service policy. 

6. (Previously Presented) The Application Gateway Module of claim 5, further 
comprising means for overwriting references and attributes of an individual service 
policy with new references and attributes during a service progression handled within a 
specific instance of the first finite- state machine. 

7. (Previously Presented) The Application Gateway Module of claim 5, wherein 
a particular state is associated with a number of individual service policies within a 
specific instance of the first finite-state machine, said instance identified by a given 
service session identifier. 

8. (Previously Presented) The Application Gateway Module of claim 1, wherein 
the means for obtaining an authorization decision include means for requesting a 
service authorization from an Authorization Module. 

9. (Previously Presented) The Application Gateway Module of claim 8, wherein 
the means for activating service policies include means for receiving from the 
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Authorization Module at least one element applicable to set a service policy, the 
element selected from a non-exhaustive list of references and attributes that comprises: 
a number of message field values to match, a number of specific actions to carry out on 
matching, a number of timer values to run, and a number of transactions to supervise. 

10. (Previously Presented) The Application Gateway Module of claim 8, wherein 
the means for activating service policies includes means for receiving a global service 
policy from the Authorization Module. 

11. (Previously Presented) The Application Gateway Module of claim 8, further 
comprising means for receiving references and attributes from the Authorization Module 
applicable to overwrite an individual service policy with new references and attributes 
during a service progression handled within a specific instance of the first finite-state 
machine. 

12. (Previously Presented) The Application Gateway Module of claim 8, further 
comprising means for notifying to the Authorization Module a specific event in service 
progression. 

13. (Previously Presented) The Application Gateway Module of claim 8, further 
comprising means for requesting from the Authorization Module a further processing to 
determine an appropriate action to go on with the service progression. 

14. (Previously Presented) The Application Gateway Module of claim 13, further 
comprising means for receiving from the Authorization Module an instruction selected 
from: access granted without restriction, another service to substitute a previous service 
requested, forced logout, and indication of a state transition. 

15. (Previously Presented) An Authorization Module suitable for use in a 
telecommunication system wherein a service network authenticates a user and 
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authorizes the user for accessing a service offered by a service provider, the 
Authorization Module arranged for deciding whether a user is allowed to access a 
service and having: 

means for receiving a service authorization request from an Application Gateway 
Module; and 

means for returning to the Application Gateway Module a response on whether 
the user is granted access to the requested service; 
the Authorization Module comprising : 

means for generating a service session identifier intended to correlate those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

means for configuring a second finite-state machine with a number of statuses 
intended to identify specific events in service progression, the second finite-state 
machine usable by the Authorization Module to act over the Application Gateway 
Module to control the service progression; 

means for initiating a specific instance of the second finite-state machine, said 
specific instance being identified by said service session identifier; and 

means for determining service policies applicable to said specific events and 
resulting in a state transition in the specific instance identified by the assigned service 
session identifier. 

16. (Previously Presented) The Authorization Module of claim 15, wherein the 
means for generating a service session identifier comprise means for including said 
service session identifier in the response to be returned to the Application Gateway 
Module on whether the user is granted access to the requested service. 

17. (Canceled) 

18. (Previously Presented) The Authorization Module of claim 15, wherein a 
particular state is associated with a number of service policies within a specific instance 
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of the second finite- state machine, said instance identified by a given service session 
identifier. 

19. (Previously Presented) The Authorization Module of claim 15, wherein the 
means for determining service policies comprise means for including in the response 
towards the Application Gateway Module at least one information element to activate a 
service policy within a specific state in the Application Gateway Module, said at least 
one information element selected from a non-exhaustive list of references and attributes 
that comprises: 

- a number of message field values to match; 

- a set of actions to carry out on matching a given message field value ; 

- a number of new timer values to run; and 

- a number of transactions to supervise. 

20. (Previously Presented) The Authorization Module of claim 19, wherein the 
means for including in the response towards the Application Gateway Module at least 
one information element to activate a service policy include means for indicating that 
this is a global service policy to apply independently of any service delivery in progress. 

21. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving a notification, from an Application Gateway Module, 
indicating a specific event detected in service progression. 

22. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving a request, from an Application Gateway Module, asking 
for an instruction to proceed with a service progression. 

23. (Previously Presented) The Authorization Module of claim 22, further 
comprising means for sending towards the Application Gateway Module an instruction 
selected from: access granted without restriction, another service to substitute a 
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previous service requested, forced logout, and indication of a state transition. 

24. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving an application message from at least one entity 
selected from a number of application servers and provisioning systems, the 
application message including a given service session identifier intended to identify a 
specific instance of the second finite-state machine in the Authorization Module. 

25. (Previously Presented) A method for authorizing a user of a service network 
to access a service offered by a service server of a service provider, the user already 
authenticated by the service network, the server arranged to deliver a service that 
comprises a plurality of transactions by exchanging a plurality of application messages 
with the user, the method comprising the steps of: 

obtaining a first authorization decision on whether the user is allowed to access 
the service; 

generating and assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

configuring at least one finite-state machine with a number of statuses intended 
to identify specific events in service delivery, the finite-state machine usable for 
controlling service progression 

initiating a specific instance of the at least one finite-state machine, said specific 
instance being identified by the assigned service session identifier; and 

activating service policies applicable to said specific events and resulting in a 
state transition in the specific instance identified by the assigned service session 
identifier. 

26. (Canceled) 

27. (Previously Presented) The method of claim 25, wherein a particular state 
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within the specific instance of the at least one finite-state machine is associated with a 
number of service policies. 

28. (Previously Presented) The method of claim 25, wherein the step of activating 
service policies includes a step of setting at least one element selected from a non- 
exhaustive list of references and attributes that comprises: a number of message field 
values to match, a number of specific actions to carry out on matching, a number of 
timer values to run, and a number of transactions to supervise. 

29. (Previously Presented) The method of claim 25, further comprising a step of 
receiving at the service network an application message originated at an entity selected 
from: a number of service servers of a service provider and a number of entities of a 
provisioning system, the application message including a given service session 
identifier intended to identify a specific instance of the at least one finite-state machine. 

30. (Previously Presented) The method of claim 25, wherein the step of 
configuring at least one finite-state machine further comprises configuring a first finite- 
state machine in an Application Gateway Module and configuring a second finite-state 
machine in an Authorization Module. 

31. (Previously Presented) An Application Gateway Module suitable for use in a 
telecommunication system wherein a service network authenticates a user and 
authorizes the user for accessing a service offered by a service provider, the Application 
Gateway Module arranged for intercepting application messages between the user and 
the service and for identifying said user and said service, the Application Gateway 
Module comprising: 

means for obtaining an authorization decision on whether the user is allowed to 
access the service; 
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means for assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

means for configuring a first finite-state machine with a number of statuses 
intended to identify specific events in service delivery, the first finite state machine 
configured to control service progression from a null state, a service authorization state, 
an active service state, and a disconnect service state; and 

means for activating service policies applicable to said specific events and 
resulting in a state transition in the first finite-state machine, the activating means further 
comprising: 

means for statically arming at least one of the service policies before 
arrival of a first message to invoke the service; and 
means for dynamically arming at least one of the service policies during the progression 
of the service. 
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